Revocation Status of Smart Card Certificate Could Not Be Determined

  • Error shown to the user: The revocation status of the smart card certificate could not be determined.

The target host may be unable to validate the user certificate from the virtual smart card if:

  • It fails to obtain the CRL due to DNS or network issues.
  • The PrivX Server's IP/FQDN is misconfigured.

Potential Solution

Run the following command on the target to view certificate properties:

certutil -scinfo -pin 0

To resolve the issue, try the following:

  • Ensure that the correct IP/FQDN is accessible on the PrivX Server, and verify that DNS is configured correctly in the Windows environment.
  • Check that the CRL DP URL in the user certificate can be downloaded from the target machine using a browser or certutil.
  • Ensure that firewalls are not blocking outgoing port 80 on the target or incoming port 80 on the PrivX CA.

Also note that the PrivX CA issues an empty CRL on demand, which is valid one hour in the past and 23 hours in the future.

Was this page helpful?